IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

COVID-19 takes US school hacks to new heights

Remote learning fueled a wave of class invasions

According to research released this week, US schools suffered a record number of cyber security incidents in 2020 as attackers capitalized on the COVID-19 pandemic.

The State of K-12 Cybersecurity: 2020 Year In Review report from the K-12 Cybersecurity Resource Center and the K12 Security Information Exchange released the report based on data from its K-12 cyber incident map. It recorded 408 publicly disclosed cyber security incidents in 2020, an 18% increase over 2019.

The largest number of attacks were data breaches and leaks, representing 36%. Ransomware followed at 12%, denial of service attacks made up 5%, and phishing represented just 2% of attacks.

While some breaches involved staff records, most targeted student data. Parents even reported hackers using childs’ data for credit applications and to sign up for accounts at utility companies. 

Third-party attacks were a common cause of breaches. For the second straight year, at least three-quarters of all breaches involved security incidents at school district vendors and other partners, the report noted.

There were 50 publicly disclosed ransomware infections in 2020, but there may have been more. Another eight school districts reported malware outbreaks that looked like ransomware but weren’t publicly confirmed as such. Overall, there were fewer ransomware incidents than in 2019, but they were severe.

Double extortion, which is a rising problem for ransomware victims, was a growing trend in 2020. In these attacks, cyber criminals steal data when they encrypt it and blackmail victims by threatening to publish what they stole. Hackers exposed at least 560,000 students' data this way in 2020.

The 2% figure for phishing attacks might seem low, but further analysis shows some of these are business email compromise (BEC) attacks. These are specialized attacks in which thieves convince administrators to send fraudulent payments. Four BEC thefts occurred in 2020, with hackers defrauding one school district of $9.8 million.

Almost half of the attacks (45%) fell into the “other” category, covering everything from “Zoom bombing” meetings to website defacements. This aligns with a sharp change in attack patterns and volumes during Q2 2020 as pandemic conditions kicked in and students moved to remote studies. There were just 49 incidents in Q1, rising to 67 in Q2. The subsequent quarters saw 160 and 132 incidents, respectively.

Intruders used videoconferencing systems to disrupt administrative meetings and classroom sessions, the report said, noting hackers didn’t limit these intrusions to just the Zoom platform. Intruders also compromised school email systems to distribute inappropriate material to the school district members, it added.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Protecting healthcare from cybercrime
Whitepaper

Protecting healthcare from cybercrime

25 May 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The truth about cyber security training
Whitepaper

The truth about cyber security training

25 Apr 2022
The Total Economic Impact™ of Mimecast
Whitepaper

The Total Economic Impact™ of Mimecast

25 Apr 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022